For months now, Gmail inboxes have been flooded with one form or another, of the “Your Gmail account needs verification to avoid being shut down ” phishing attack.

I mentioned earlier this month, that I didn’t expect to see this Gmail accounts scam reducing in volume any time soon. And sure enough, late today, I received another email, purportedly from the Gmail Team, in which the phisher attempts to convince me that this is the genuine article.

Dear Account User,

Bear with us, we ere undertaking a major upgrade in our Gmail network to ensure the security and privacy of our Gmail users and improve our service.

All Gmail Account needs Verification to avoid it being shut down due to recent problems encountered by Gmail Database system as a result of the ongoing upgrade. Please supply the details below to clarify that your account. so that it will not be deleted.

Username:

Password:

Birth date:

Country:

Note: Account owner that refuses to update his or her account within Seven days of receiving this notice will lose his or her account permanently.

Thank you for using Gmail!

The Gmail Team

It’s the same old, same old, though. Just like most of these type of emails, this one contains the usual misspelling, grammatical, and punctuation errors.

It looks convincing enough though, that some new Gmail users might easily be taken in. I know that you won’t be deceived by this type of clumsy attempt to defraud, but you would be surprised how often reasonably intelligent people are.

As with all emails of this type, the following issues raised immediate questions.

No personalized greeting.

The reply form asks for information that I initially supplied to Gmail when I activated my account.

The reply form asks me to provide my password. Isn’t this supposed to be kept secret even from Gmail?

Advice worth repeating:

If you have any doubts about the legitimacy of any email message, or its attachment, delete it.

Better yet, take a look at the email’s headers. Check the initial “Received from” field in the header, since this field is difficult to forge. Additionally, the mail headers indicate the mail servers involved in transmitting the email – by name and by IP address. In this particular case, the email actually came from vodamail.co.za (South Africa).

It may take a little practice to realize the benefits in adding this precaution to your SOP, but it’s worth the extra effort if you have any concerns.

Check the email address of the sender of the message by hovering your mouse cursor over the sender name and verifying that it matches the sender name.

Check whether the email was authenticated by the sending domain. Click on the ‘show details’ link in the right hand corner of the email, and make sure the domain you see next to the ‘mailed-by’ or ‘signed-by’ lines matches the sender’s email address.

Make sure the URL domain on the given page is correct, and click on any images and links to verify that you are directed to proper pages within the site. Although some links may appear to contain ‘gmail.com,’ you may be redirected to another site after entering such addresses into your browser.

Always look for the closed lock icon in the status bar at the bottom of your browser window whenever you enter any private information, including your password.

Check the message headers. The ‘From:’ field is easily manipulated to show a false sender name. Learn how to view headers.

If you’re still uncertain, contact the organization from which the message appears to be sent. Don’t use the reply address in the message, since it can be forged. Instead, visit the official website of the company in question, and find a different contact address.

If you enter your Google account or personal information as the result of a spoof or phishing message, take action quickly. Send a copy of the message header and the entire text of the message to the Federal Trade Commission at spam@uce.gov. If you entered credit card or bank account numbers, contact your financial institution. If you think you may be the victim of identity theft, contact your local police.

It’s important that you know, that Google is not immune to hacking, as the fairly recent fiasco in China, in which Chinese hackers compromised Chinese activists’ Gmail accounts, illustrates. In fact, Gmail hacking is a much more common occurrence than most users are aware of.

To further illustrate just how common this is, the article I wrote on being hacked – My Gmail Account Hacked From Nigeria, continues to be one of the most read articles I’ve written.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Another good way to see where these emails come from is to use a site like Whatismyipaddress.com, which has email tracing tools. You just cut and paste the header into the text box and the rest is done for you.

Blogroll

Chicago Mac/PC Support
I have twenty five years experience and Apple Certified Technician and Microsoft Certified System Administrator (MCSA). It is my goal to help others by providing this free information.

Confessions of a Pop Culture Addict
Sam Tweedle is a writer and pop culture addict who has been entertaining and educating fans of the pop culture journey for a decade. His writing has been featured in The National Post, CNN.com, and Filmfax magazine.

Digsites – An Interactive Agency
Digsites is a Philadelphia based interactive and internet development company founded in 2005. Our primary focus is set on providing personalized client solutions including Lead Generation Software, Websites, Web Services, Intranets, Social Networks Integ

FindTheBest
FindTheBest is an unbiased, fact-driven decision engine. We organize and present data in a consumer-friendly format so that you can make quick and informed decisions based on what’s important to you.

Guru Habits
You will find an abundance of articles and other resources on this site to help you achieve your personal development goals in many areas of your life. If you are looking for deep discussions on complex psychological theories, you’ll need to look elsew

Kensington SafeZone
This blog is all about physical security, and if you’re an IT Manager or SMB owner, this is the perfect reference for you. Here, you can find commentary on the latest industry news, security best practices and links to our various smart made simple™ s

Malware Removal Guide for Windows
This guide will help you clean your computer of malware. If you think your computer is infected with a virus or some other malicious software, you may want to use this guide.

Stop Badware.org
StopBadware is the only not for profit organization focused on protecting the public from badware websites. From our start as a project of the Berkman Center for Internet & Society at Harvard University, we have been led by top thinkers in the fields

TuneUp (Blog about Windows)
Our blog is written by a team made up of certified Microsoft experts, authors, and editors from major computer magazines. The people behind this blog also head up one of the most successful tuning suites around, called TuneUp Utilities 2011.

Why Evolution Is True
Jerry A. Coyne, Ph.D is a Professor in the Department of Ecology and Evolution at the University of Chicago and a member of both the Committee on Genetics and the Committee on Evolutionary Biology.